diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 29107d4b64..b6b1a7b3d8 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -1901,10 +1901,36 @@ func (c *Container) generateResolvConf() error {
 return err
 }
+ foundNetworkWithDNSEnabled := false
+ // get all the networks this container is attached to
+ networkInfo, err := c.getContainerNetworkInfo()
+ if err != nil {
+ return err
+ }
+ for networkName := range networkInfo.Networks {
+ netInfo, err := c.runtime.Network().NetworkInspect(networkName)
+ if err != nil {
+ return err
+ }
+ if netInfo.DNSEnabled {
+ foundNetworkWithDNSEnabled = true
+ break
+ }
+ }
 nameservers := make([]string, 0, len(c.runtime.config.Containers.DNSServers)+len(c.config.DNSServer))
- nameservers = append(nameservers, c.runtime.config.Containers.DNSServers...)
- for _, ip := range c.config.DNSServer {
- nameservers = append(nameservers, ip.String())
+ // Docker parity: If container is connected to any network
+ // where dns_enabled is `true` then do not populate `/etc/resolv.conf`
+ // with custom dns server since DNS resolver ( aardvark-dns, dnsname )
+ // will take care of using custom dns server.
+ if !foundNetworkWithDNSEnabled {
+ // Docker parity: If foundNetworkWithDNSEnabled is `false`
+ // means no network was found where DNS is enabled, is such
+ // case honor `--dns` or `dns_servers` from config and populate
+ // `/etc/resolv.conf` inside container.
+ nameservers = append(nameservers, c.runtime.config.Containers.DNSServers...)
+ for _, ip := range c.config.DNSServer {
+ nameservers = append(nameservers, ip.String())
+ }
 }
 // If the user provided dns, it trumps all; then dns masq; then resolv.conf
 var search []string
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 78e4a62c0c..3e4d8d2555 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
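Review bot: When any attached network has `DNSEnabled`, the new `if !foundNetworkWithDNSEnabled` branch drops both `--dns` and the `containers.conf` `dns_servers` from `/etc/resolv.conf`, and nothing visible in this hunk confirms that those servers were actually handed to aardvark-dns/dnsname. If the resolver does not receive them, lookups silently go to its default upstreams instead of the resolver the operator chose, which matters where `--dns` is used to enforce a filtering or internal-only resolver. I would make the dependency explicit above the branch, e.g. `// custom servers are skipped here only because the network resolver is expected to forward to them; verify that path before relying on this`, and emit a debug-level log naming the skipped servers. Separately, the loop returns on any `NetworkInspect` error, so a failed inspection of one network now fails resolv.conf generation; a comment should say whether that is intended. generateResolvConf starts and ends outside the hunk.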
@@ -1006,6 +1006,34 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 pingTest("--net=private")
 })
+ It("podman verify resolv.conf with --dns + --network", func() {
+ net := createNetworkName("IntTest")
+ session := podmanTest.Podman([]string{"network", "create", net})
+ session.WaitWithDefaultTimeout()
+ defer podmanTest.removeNetwork(net)
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "--name", "con1", "--dns", "1.1.1.1", "--network", net, ALPINE, "cat", "/etc/resolv.conf"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ // Must not contain custom dns server in containers
+ // `/etc/resolv.conf` since custom dns-server is
+ // already expected to be present and processed by
+ // Podman's DNS resolver i.e ( aarvark-dns or dnsname ).
+ Expect(session.OutputToString()).ToNot(ContainSubstring("nameserver 1.1.1.1"))
+ // But /etc/resolve.conf must contain othe nameserver
+ // i.e dns server configured for network.
+ Expect(session.OutputToString()).To(ContainSubstring("nameserver"))
+
+ session = podmanTest.Podman([]string{"run", "--name", "con2", "--dns", "1.1.1.1", ALPINE, "cat", "/etc/resolv.conf"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ // All the networks being used by following container
+ // don't have dns_enabled in such scenario `/etc/resolv.conf`
+ // must contain nameserver which were specified via `--dns`.
+ Expect(session.OutputToString()).To(ContainSubstring("nameserver 1.1.1.1"))
+ })
+
 It("podman run check dnsname plugin with CNI", func() {
 SkipIfNetavark(podmanTest)
 pod := "testpod"
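Review bot: The `con1` assertions would still pass if the custom server were dropped entirely: `ToNot(ContainSubstring("nameserver 1.1.1.1"))` plus `To(ContainSubstring("nameserver"))` accepts any nameserver line and never checks that the network's resolver forwards to 1.1.1.1. Since the libpod change depends on that forwarding, the test should also pin which resolver address appears (the created network's DNS address) and, where the environment allows, that a lookup from `con1` is answered through the `--dns` server. At minimum I would add `// TODO: assert that the network resolver was configured with 1.1.1.1, not only that resolv.conf omits it` above the first `Expect`. The `con2` case assumes the default network has DNS disabled, which is not visible in this hunk.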